
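Get the metadata (DDL) for a dblink, or for any other object, using dbms_metadata. One of the nice things about this is that it pulls the dblink's stored password value and sets it in the new database with the ‘BY VALUES’ keywords. Because the generated DDL carries that stored password value, handle the output as a credential: keep it out of shared scripts, tickets and world-readable spool files.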

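-- Oracle Installation Vulnerabilities
-- Loads dbsrrin with the installation-level findings (first value 'I'),
-- DG0001 through DG0101. Each row is positional: scope flag, V-number key,
-- DG/DO check ID, short title, finding text, one-digit rating.
-- NOTE(review): the rating ('1'..'3') looks like a severity category with
-- '1' the most severe -- confirm against the dbsrrin definition.
-- NOTE(review): the inserts give no column list, so they depend on the
-- table's column order; name the columns once the definition is at hand.
-- oraverno is declared outside this excerpt and is compared as a number.
-- Literals use ASCII apostrophes and comments use "--"; typographic quotes
-- and dashes are not valid SQL delimiters.
insert into dbsrrin values ('I','V0005658','DG0001','DBMS version support','Software not supported by the vendor is not evaluated or patched against newly found vulnerabilities.','1');
-- 10: recorded only when oraverno < 11
if oraverno < 11 then
    insert into dbsrrin values ('I','V0004758','DG0002','DBMS version upgrade plan','An upgrade/migration plan has not been developed to address an unsupported DBMS software version.','2');
end if;
insert into dbsrrin values ('I','V0005659','DG0003','DBMS security patch level','The latest security patches have not been installed.','2');
insert into dbsrrin values ('I','V0006756','DG0005','DBMS administration OS accounts','Unnecessary privileges to the host system have been granted to DBA OS accounts.','2');
insert into dbsrrin values ('I','V0006767','DG0007','DBMS security compliance','The database has not been secured in accordance with DoD, vendor and commercially accepted practices where applicable.','2');
insert into dbsrrin values ('I','V0015608','DG0009','DBMS software library permissions','Access to DBMS software files and directories are granted to unauthorized users.','2');
insert into dbsrrin values ('I','V0002420','DG0010','DBMS software monitoring','Database executable and configuration files are not being monitored for unauthorized modifications.','3');
insert into dbsrrin values ('I','V0003726','DG0011','DBMS Configuration Management','Configuration management procedures are not defined and implemented for database software modifications.','3');
insert into dbsrrin values ('I','V0004754','DG0012','DBMS software storage location','Database data files are stored in the same logical storage partition as database application software.','2');
insert into dbsrrin values ('I','V0015126','DG0013','Database backup procedures','Database backup procedures are not defined, documented or implemented.','2');
insert into dbsrrin values ('I','V0003728','DG0016','DBMS unused components','Unused database components, database application software or database objects have not been removed from the DBMS system.','3');
insert into dbsrrin values ('I','V0003803','DG0017','DBMS shared production/development use','System resources and database identifiers are not clearly separated or defined.','2');
insert into dbsrrin values ('I','V0003805','DG0019','DBMS software ownership','Application software is not owned by a Software Application account.','3');
insert into dbsrrin values ('I','V0015129','DG0020','DBMS backup and recovery testing','Backup and recovery procedures have not been developed, documented, implemented or periodically tested.','2');
insert into dbsrrin values ('I','V0003806','DG0021','DBMS software and configuration baseline','A baseline of database application software is not documented or maintained.','2');
insert into dbsrrin values ('I','V0015610','DG0025','DBMS encryption compliance','Cryptography is not configured to comply with FIPS 140-2 requirements.','2');
insert into dbsrrin values ('I','V0002422','DG0040','DBMS software owner account access','The DBMS software installation account is not restricted to authorized users.','2');
insert into dbsrrin values ('I','V0015110','DG0041','DBMS installation account use logging','Use of the DBMS installation account is not logged.','2');
insert into dbsrrin values ('I','V0015111','DG0042','DBMS software installation account use','Use of the DBMS software installation account is not restricted to DBMS software installation, upgrade and maintenance actions.','2');
insert into dbsrrin values ('I','V0002423','DG0050','DBMS software and configuration file monitoring','Database software, applications and configuration files are not monitored to discover unauthorized changes.','2');
insert into dbsrrin values ('I','V0003808','DG0051','Database job/batch queue monitoring','Database job/batch queues are not reviewed regularly to detect unauthorized database job submissions.','2');
insert into dbsrrin values ('I','V0003807','DG0052','DBMS software access audit','All applications that access the database are not logged in the audit trail.','2');
insert into dbsrrin values ('I','V0003809','DG0053','DBMS client connection definition file','A single database connection configuration file is used to configure all database clients regardless of differing client access requirements.','2');
insert into dbsrrin values ('I','V0015611','DG0054','DBMS software access audit review','The audit logs are not periodically monitored to discover DBMS access using unauthorized applications.','3');
insert into dbsrrin values ('I','V0015107','DG0063','DBMS restore permissions','DBMS privileges to restore database data or other DBMS configurations, features or objects are not restricted to authorized DBMS accounts.','2');
insert into dbsrrin values ('I','V0015120','DG0064','DBMS backup and restoration file protection','DBMS backup and restoration files are not protected from unauthorized access.','2');
insert into dbsrrin values ('I','V0003811','DG0066','DBMS temporary password procedures','Procedures for establishing temporary passwords that meet DoD password requirements for new accounts are not defined, documented or implemented.','2');
insert into dbsrrin values ('I','V0003812','DG0067','DBMS account password external storage','Database passwords used by batch or job processes are not stored in encrypted format.','1');
insert into dbsrrin values ('I','V0003813','DG0068','DBMS application password display','DBMS tools or applications that echo or require a password entry in clear text are not protected from password display.','2');
insert into dbsrrin values ('I','V0015140','DG0069','Production Data Import to Development DBMS','Procedures and restrictions for import of production data to development databases are not documented, implemented or followed.','2');
insert into dbsrrin values ('I','V0015102','DG0083','DBMS audit report automation','Automated notification of suspicious activity detected in the audit trail is not implemented.','2');
insert into dbsrrin values ('I','V0015106','DG0086','DBMS DBA role privilege monitoring','DBA roles are not periodically monitored to detect assignment of unauthorized or excess privileges.','2');
insert into dbsrrin values ('I','V0015112','DG0088','DBMS vulnerability mgmt and IA compliance testing','The DBMS is not periodically tested for vulnerability management and IA compliance.','3');
insert into dbsrrin values ('I','V0015131','DG0090','DBMS sensitive data identification and encryption','Sensitive information stored in the database is not protected by encryption.','2');
insert into dbsrrin values ('I','V0015132','DG0092','DBMS data file encryption','Database data files containing sensitive information are not encrypted.','2');
insert into dbsrrin values ('I','V0003825','DG0093','Remote administration connection encryption','Remote adminstrative connections to the database are not encrypted.','2');
insert into dbsrrin values ('I','V0003827','DG0095','DBMS audit trail data review','Audit trail data is not reviewed daily or more frequently.','2');
insert into dbsrrin values ('I','V0015138','DG0096','DBMS IA policy and procedure review','The DBMS IA policies and procedures are not reviewed annually or more frequently.','3');
insert into dbsrrin values ('I','V0015139','DG0097','DBMS testing plans and procedures','Plans and procedures for testing DBMS installations, upgrades and patches are not defined or followed prior to production implementation.','2');
insert into dbsrrin values ('I','V0015618','DG0099','DBMS access to external local executables','Access to external DBMS executables is not disabled or restricted.','2');
insert into dbsrrin values ('I','V0015620','DG0101','DBMS external procedure OS account privileges','OS accounts used to execute external procedures are not assigned minimum privileges.','2');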
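-- Installation-level findings (first value 'I'), DG0102 through DO6747.
-- Row layout is positional: scope flag, V-number key, DG/DO check ID,
-- short title, finding text, one-digit rating.
-- NOTE(review): the rating looks like a severity category with '1' the most
-- severe, and the inserts rely on dbsrrin's column order because no column
-- list is given -- confirm both against the table definition.
-- Literals use ASCII apostrophes and comments use "--"; typographic quotes
-- and dashes are not valid SQL delimiters.
-- 10: recorded only when oraverno < 11 (oraverno is declared outside this excerpt)
if oraverno < 11 then
    insert into dbsrrin values ('I','V0015141','DG0102','DBMS services dedicated custom account','DBMS processes or services are not run under custom, dedicated OS accounts.','2');
end if;
insert into dbsrrin values ('I','V0015621','DG0103','DBMS Listener network restrictions','The DBMS listener does not restrict database access by network address.','2');
insert into dbsrrin values ('I','V0015622','DG0104','DBMS service identification','DBMS service identification is not unique or does not clearly identify the service.','3');
insert into dbsrrin values ('I','V0015143','DG0106','Database data encryption configuration','Database data encryption controls are not configured in accordance with application requirements.','2');
insert into dbsrrin values ('I','V0015144','DG0107','DBMS sensitive data identification','Sensitive data is stored in the database and is not identified in the System Security Plan and AIS Functional Architecture documentation.','2');
insert into dbsrrin values ('I','V0015145','DG0108','DBMS restoration priority','The DBMS restoration priority has not been assigned.','3');
insert into dbsrrin values ('I','V0015146','DG0109','DBMS dedicated host','The DBMS is operated without authorization on a host system supporting other application services.','2');
insert into dbsrrin values ('I','V0015179','DG0110','DBMS host shared with a security service','The DBMS shares a host supporting an independent security service.','2');
insert into dbsrrin values ('I','V0015147','DG0111','DBMS dedicated software directories','The DBMS data files, transaction logs or audit files are not stored in dedicated directories or disk partitions separate from software or other application files.','2');
insert into dbsrrin values ('I','V0015625','DG0115','DBMS trusted recovery','Recovery procedures or technical system features do not exist to ensure that recovery is done in a secure and verifiable manner.','2');
insert into dbsrrin values ('I','V0015127','DG0118','IAM review of change in DBA assignments','The IAM is not reviewing changes to DBA role assignments.','2');
insert into dbsrrin values ('I','V0015105','DG0120','DBMS application user access to external objects','Unauthorized access to external database objects have not been removed from application user roles.','2');
insert into dbsrrin values ('I','V0015636','DG0129','DBMS passwords in transit','Passwords are not encrypted when transmitted across the network.','1');
insert into dbsrrin values ('I','V0015643','DG0140','DBMS security data access','Access to DBMS security data is not audited.','2');
insert into dbsrrin values ('I','V0015148','DG0152','DBMS network port, protocol and services (PPS) use','DBMS network communications do not comply with PPS usage restrictions.','2');
insert into dbsrrin values ('I','V0015150','DG0154','DBMS System Security Plan','The DBMS does not have a System Security Plan or the System Security Plan does not contain the required information.','3');
insert into dbsrrin values ('I','V0015649','DG0155','DBMS trusted startup','The DBMS does not verify trustworthiness of data and configuration files at startup.','2');
insert into dbsrrin values ('I','V0015651','DG0157','DBMS remote administration','Remote DBMS administration is not documented, not authorized or is not disabled.','2');
insert into dbsrrin values ('I','V0015652','DG0158','DBMS remote administration audit','DBMS remote administration is not audited.','2');
insert into dbsrrin values ('I','V0015118','DG0159','Review of DBMS remote administrative access','Remote administrative access to the database is not monitored by the IAO or IAM.','2');
insert into dbsrrin values ('I','V0015103','DG0161','DBMS Audit Tool','An automated tool that monitors audit data and immediately reports suspicious activity is not employed for the DBMS.','2');
insert into dbsrrin values ('I','V0015104','DG0167','Encryption of DBMS sensitive data in transit','Sensitive data served by the DBMS is not protected by encryption when transmitted across the network.','1');
insert into dbsrrin values ('I','V0015656','DG0171','DBMS interconnections','The DBMS has a connection defined to access or be accessed by a DBMS at a different classification level.','2');
insert into dbsrrin values ('I','V0015116','DG0175','DBMS host and component STIG compliancy','The DBMS host platform and other dependent applications are not configured in compliance with applicable STIG requirements.','2');
insert into dbsrrin values ('I','V0015117','DG0176','DBMS audit log backups','The DBMS audit logs are not included in backup operations.','2');
insert into dbsrrin values ('I','V0015658','DG0179','DBMS warning banner','The DBMS warning banner does not meet DoD policy requirements.','2');
insert into dbsrrin values ('I','V0015122','DG0186','DBMS network perimeter protection','The database is directly accessible from public or unauthorized networks.','2');
insert into dbsrrin values ('I','V0015121','DG0187','DBMS software file backups','DBMS software libraries are not periodically backed up.','2');
insert into dbsrrin values ('I','V0015659','DG0191','DBMS credential protection','Credentials used to access remote databases are not protected by encryption and restricted to authorized users.','2');
insert into dbsrrin values ('I','V0015108','DG0194','DBMS developer privilege monitoring on shared DBMS','Privileges assigned to developers on shared production and development DBMS hosts and the DBMS are not monitored every three months or more frequently for unauthorized changes.','2');
insert into dbsrrin values ('I','V0015109','DG0195','DBMS host file privileges assigned to developers','DBMS production application and data directories are not protected from developers on shared production/development DBMS host systems.','2');
insert into dbsrrin values ('I','V0015662','DG0198','DBMS remote administration encryption','Remote administration of the DBMS is not restricted to known, dedicated and encrypted network addresses and ports.','2');
insert into dbsrrin values ('I','V0003842','DO0120','Oracle process account host system privileges','The Oracle software installation account has been granted excessive host system privileges.','2');
insert into dbsrrin values ('I','V0003845','DO0145','Oracle SYSDBA OS group membership','OS DBA group membership has not been restricted to authorized accounts.','3');
insert into dbsrrin values ('I','V0003862','DO0286','Oracle connection timeout parameter','The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters are not set to a value greater than 0.','2');
insert into dbsrrin values ('I','V0003863','DO0287','Oracle SQLNET.EXPIRE_TIME parameter','The Oracle SQLNET.EXPIRE_TIME parameter is not set to a value greater than 0.','2');
insert into dbsrrin values ('I','V0003440','DO0360','DBMS mid-tier application account access','Connections by mid-tier web and application systems to the Oracle DBMS are not protected, encrypted or authenticated according to database, web, application, enclave and network requirements.','2');
insert into dbsrrin values ('I','V0003866','DO0430','Oracle management agent use','The Oracle Management Agent is installed, not required, not authorized or on a database accessible from the Internet.','3');
insert into dbsrrin values ('I','V0002608','DO3630','Oracle listener authentication','The Oracle Listener is not configured to require administration authentication.','1');
insert into dbsrrin values ('I','V0002612','DO5037','Oracle SQLNet and listener log files protection','Oracle SQLNet and listener log files are accessible to unauthorized users.','2');
insert into dbsrrin values ('I','V0003497','DO6740','Oracle listener ADMIN_RESTRICTIONS parameter','The Oracle Listener ADMIN_RESTRICTIONS parameter is present and set to OFF.','2');
insert into dbsrrin values ('I','V0016031','DO6746','Oracle Listener host references','The Oracle listener.ora file does not specify IP addresses rather than host names to identify hosts.','3');
insert into dbsrrin values ('I','V0016032','DO6747','Connection Manager remote administration','Remote administration is not disabled for the Oracle connection manager.','2');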
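-- Version-gated installation findings (first value 'I'), DO6748 through DO6754.
-- Row layout is positional: scope flag, V-number key, DG/DO check ID,
-- short title, finding text, one-digit rating.
-- NOTE(review): the inserts rely on dbsrrin's column order because no column
-- list is given -- confirm against the table definition.
-- oraverno is declared outside this excerpt and is compared as a number.
-- Adjacent checks that share a version test are grouped under one "if";
-- the insert order is unchanged.
-- Literals use ASCII apostrophes and comments use "--"; typographic quotes
-- and dashes are not valid SQL delimiters.

-- 11: recorded only when oraverno > 10.2
if oraverno > 10.2 then
    insert into dbsrrin values ('I','V0016033','DO6748','Oracle SEC_CASE_SENSITIVE_LOGON parameter','Case sensitivity for passwords is not enabled.','2');
    insert into dbsrrin values ('I','V0016035','DO6749','Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter','The Oracle SEC_MAX_FAILED_LOGIN_ATTEMPTS parameter is not set to an IAO-approved value between 1 and 3.','2');
    insert into dbsrrin values ('I','V0016053','DO6750','Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter','The Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter is not set to a value of DELAY or DROP.','2');
end if;
-- 10/11: recorded only when oraverno > 9.2
if oraverno > 9.2 then
    insert into dbsrrin values ('I','V0016057','DO6751','SQLNET.ALLOWED_LOGON_VERSION','The SQLNet SQLNET.ALLOWED_LOGON_VERSION parameter is not set to a value of 10 or higher.','2');
end if;
-- 11: recorded only when oraverno > 10.2
if oraverno > 10.2 then
    insert into dbsrrin values ('I','V0016054','DO6752','Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter','The Oracle SEC_PROTOCOL_ERROR_TRACE_ACTION parameter is set to NONE.','2');
end if;
-- 10/11: recorded only when oraverno > 9.2
if oraverno > 9.2 then
    insert into dbsrrin values ('I','V0016055','DO6753','Oracle Application Express','Oracle Application Express or Oracle HTML DB is installed on a production database.','2');
    insert into dbsrrin values ('I','V0016056','DO6754','Oracle Configuration Manager','Oracle Configuration Manager is installed on a production system.','2');
end if;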

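-- Oracle Database Vulnerabilities
-- Loads dbsrrin with the database-level findings (first value 'D'),
-- DG0004 through DO0231. Each row is positional: scope flag, V-number key,
-- DG/DO check ID, short title, finding text, one-digit rating.
-- NOTE(review): the rating ('1'..'3') looks like a severity category with
-- '1' the most severe -- confirm against the dbsrrin definition.
-- NOTE(review): the inserts give no column list, so they depend on the
-- table's column order; name the columns once the definition is at hand.
-- Literals use ASCII apostrophes and comments use "--"; typographic quotes
-- and dashes are not valid SQL delimiters.
insert into dbsrrin values ('D','V0005683','DG0004','DBMS application object owner accounts','Application object owner accounts are not disabled.','2');
insert into dbsrrin values ('D','V0015607','DG0008','DBMS application object ownership','Application objects are owned by accounts not authorized for ownership.','2');
insert into dbsrrin values ('D','V0015609','DG0014','DBMS demonstration and sample databases','Default demonstration and sample database objects and applications have not been removed.','2');
insert into dbsrrin values ('D','V0003727','DG0015','DBMS data definition language use','Database applications are not restricted from using static DDL statements to modify the application schema.','3');
insert into dbsrrin values ('D','V0005685','DG0029','Database auditing','Required auditing parameters for database auditing are not set.','2');
insert into dbsrrin values ('D','V0002507','DG0030','DBMS audit data maintenance','Audit trail data is not retained for one year.','2');
insert into dbsrrin values ('D','V0015133','DG0031','DBMS audit of changes to data','Transaction logs are not periodically reviewed for unauthorized modification of data. Users are not notified of time and date of the last change in data content.','2');
insert into dbsrrin values ('D','V0005686','DG0032','DBMS audit record access','Audit records are not restricted to authorized individuals.','2');
insert into dbsrrin values ('D','V0002424','DG0060','DBMS shared account authorization','Database non-interactive, n-tier connection, and shared accounts exist and are not documented or approved by the IAO.','2');
insert into dbsrrin values ('D','V0002508','DG0070','DBMS user account authorization','Unauthorized user accounts exist.','2');
insert into dbsrrin values ('D','V0003815','DG0071','DBMS password change variance','New passwords are not required to differ from old passwords by more than four characters.','2');
insert into dbsrrin values ('D','V0003817','DG0073','DBMS failed login account lock','Database accounts specify account lock times less than the site-approved minimum.','2');
insert into dbsrrin values ('D','V0015130','DG0074','DBMS inactive accounts','Unapproved inactive or expired database accounts have been found on the database.','2');
insert into dbsrrin values ('D','V0003818','DG0075','DBMS links to external databases','Unauthorized database links are defined and active.','2');
insert into dbsrrin values ('D','V0003819','DG0076','Sensitive data import to development DBMS','Sensitive information from production database exports remains unmodified after import to a development database.','2');
insert into dbsrrin values ('D','V0003820','DG0077','Production data protection on a shared system','Production databases are not protected from unauthorized access by developers on shared production/development host systems.','2');
insert into dbsrrin values ('D','V0015613','DG0078','DBMS individual accounts','Each database user, application or process does not have an individually assigned account.','2');
insert into dbsrrin values ('D','V0015152','DG0079','DBMS password complexity','DBMS login account passwords do not meet complexity requirements.','2');
insert into dbsrrin values ('D','V0003821','DG0080','DBMS application user privilege assignment review','Application user privilege assignment is not reviewed monthly or more frequently to ensure compliance with least privilege and documented policy.','2');
insert into dbsrrin values ('D','V0015615','DG0085','Minimum DBA privilege assignment','The DBA role is assigned excessive or unauthorized privileges.','2');
insert into dbsrrin values ('D','V0015616','DG0087','DBMS sensitive data labeling','Sensitive data is not labeled.','3');
insert into dbsrrin values ('D','V0015114','DG0089','Developer DBMS privileges on production databases','Developers are assigned excessive privileges on production databases.','3');
insert into dbsrrin values ('D','V0003823','DG0091','DBMS source code encoding or encryption','Custom and GOTS application source code stored in the database has not been protected with encryption or encoding.','3');
insert into dbsrrin values ('D','V0015617','DG0098','DBMS access to external local objects','Access to external objects has not been disabled and is not required or authorized.','2');
insert into dbsrrin values ('D','V0015619','DG0100','DBMS replication account privileges','Replication accounts are granted DBA privileges.','2');
insert into dbsrrin values ('D','V0015128','DG0105','DBMS application user role privilege assignment','DBMS application user roles are assigned unauthorized privileges.','2');
insert into dbsrrin values ('D','V0015623','DG0112','DBMS system data file protection','DBMS system data files are not stored in dedicated disk directories.','2');
insert into dbsrrin values ('D','V0015624','DG0113','DBMS dedicated data files','DBMS data files are not dedicated to support individual applications.','2');
insert into dbsrrin values ('D','V0015626','DG0116','DBMS privileged role assignments','Database privileged role assignments are not restricted to IAO-authorized DBMS accounts.','2');
insert into dbsrrin values ('D','V0015627','DG0117','DBMS administrative privilege assignment','Administrative privileges are not assigned to database accounts via database roles.','2');
insert into dbsrrin values ('D','V0015628','DG0119','DBMS application user role privileges','DBMS application users are granted administrative privileges to the DBMS.','2');
insert into dbsrrin values ('D','V0015629','DG0121','DBMS application user privilege assignment','Application users privileges have not been restricted to assignment using application user roles.','2');
insert into dbsrrin values ('D','V0015630','DG0122','Sensitive data access','Access to sensitive data is not restricted to authorized users identified by the Information Owner.','2');
insert into dbsrrin values ('D','V0015631','DG0123','DBMS Administrative data access','Access to DBMS system tables and other configuration or metadata is not restricted to DBAs.','2');
insert into dbsrrin values ('D','V0015632','DG0124','DBA account use','Use of DBA accounts is not restricted to administrative activities.','2');
insert into dbsrrin values ('D','V0015153','DG0125','DBMS account password expiration','DBMS account passwords are not set to expire every 60 days or more frequently.','2');
insert into dbsrrin values ('D','V0015633','DG0126','DBMS account password reuse','Password reuse is not prevented where supported by the DBMS.','2');
insert into dbsrrin values ('D','V0015634','DG0127','DBMS account password easily guessed','DBMS account passwords are set to easily guessed words or values.','2');
insert into dbsrrin values ('D','V0015635','DG0128','DBMS default passwords','DBMS default accounts have not been assigned custom passwords.','1');
insert into dbsrrin values ('D','V0015637','DG0130','DBMS passwords in executables','DBMS passwords used by batch jobs or executables are stored in the job or executable files.','2');
insert into dbsrrin values ('D','V0015639','DG0133','DBMS Account lock time','Unlimited account lock times are not specified for locked accounts.','2');
insert into dbsrrin values ('D','V0015641','DG0135','DBMS connection alert','Users are not alerted upon login of previous successful connections or unsuccessful attempts to access their account.','2');
insert into dbsrrin values ('D','V0015642','DG0138','DBMS access to sensitive data','Access grants to sensitive data is not restricted to authorized user roles.','2');
insert into dbsrrin values ('D','V0015644','DG0141','DBMS access control bypass','Attempts to bypass access controls is not audited.','2');
insert into dbsrrin values ('D','V0015645','DG0142','DBMS Privileged action audit','Changes to configuration options are not audited.','2');
insert into dbsrrin values ('D','V0015646','DG0145','DBMS audit record content','Audit records do not contain required information.','2');
insert into dbsrrin values ('D','V0015647','DG0146','DBMS connection block audit','Audit records do not include the reason for blacklisting or disabling DBMS connections or accounts.','2');
insert into dbsrrin values ('D','V0015149','DG0153','DBMS DBA roles assignment approval','DBA roles assignments are not assigned and authorized by the IAO.','3');
insert into dbsrrin values ('D','V0015654','DG0165','DBMS symmetric key management','DBMS symmetric keys are not protected in accordance with NSA or NIST-approved key management technology or processes.','2');
insert into dbsrrin values ('D','V0015142','DG0166','Protection of DBMS asymmetric encryption keys','Asymmetric keys do not use DoD PKI Certificates or are not protected in accordance with NIST (unclassified data) or NSA (classified data) approved key management and processes.','2');
insert into dbsrrin values ('D','V0015657','DG0172','DBMS classification level audit','Changes to DBMS security labels are not audited.','2');
insert into dbsrrin values ('D','V0015154','DG0190','DBMS remote system credential use and access','Credentials stored and used by the DBMS to access remote databases or applications are not authorized or restricted to authorized users.','2');
insert into dbsrrin values ('D','V0015660','DG0192','DBMS fully-qualified name for remote access','Remote database or other external access do not use fully-qualified names.','3');
insert into dbsrrin values ('D','V0002511','DO0140','Oracle default account access','Access to the Oracle SYS and SYSTEM accounts is not restricted to authorized DBAs.','2');
insert into dbsrrin values ('D','V0003846','DO0155','Oracle default tablespace assignment','Unauthorized accounts have the SYSTEM tablespace specified as the default tablespace.','2');
insert into dbsrrin values ('D','V0003847','DO0157','Oracle storage use privileges','Database application user accounts have not been denied storage usage for object creation within the database.','3');
insert into dbsrrin values ('D','V0002515','DO0190','Oracle audit table ownership','The audit table is not owned by SYS or SYSTEM.','2');
insert into dbsrrin values ('D','V0002516','DO0210','Oracle shared replication account access','Access to default accounts used to support replication are not restricted to authorized DBAs.','2');
insert into dbsrrin values ('D','V0002517','DO0220','Oracle instance names','Oracle instance names contain Oracle version numbers.','2');
insert into dbsrrin values ('D','V0003848','DO0221','Oracle default SID name','The Oracle SID is the default SID.','3');
insert into dbsrrin values ('D','V0003849','DO0231','Oracle application object owner tablespaces','Application owner accounts do not have a dedicated application tablespace.','2');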
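-- Database-level findings (first value 'D'), DO0233 through DO3696.
-- Row layout is positional: scope flag, V-number key, DG/DO check ID,
-- short title, finding text, one-digit rating.
-- NOTE(review): the rating looks like a severity category with '1' the most
-- severe, and the inserts rely on dbsrrin's column order because no column
-- list is given -- confirm both against the table definition.
-- oraverno is declared outside this excerpt and is compared as a number.
-- Adjacent checks that share a version test are grouped under one "if";
-- the insert order is unchanged.
-- Literals use ASCII apostrophes and comments use "--"; typographic quotes
-- and dashes are not valid SQL delimiters.

-- 11: recorded only when oraverno > 10.2
if oraverno > 10.2 then
    insert into dbsrrin values ('D','V0015747','DO0233','Oracle DIAGNOSTIC_DEST parameter','The directory assigned to the DIAGNOSTIC_DEST parameter is not protected from unauthorized access.','2');
end if;
insert into dbsrrin values ('D','V0003850','DO0234','Oracle AUDIT_FILE_DEST parameter','The directory assigned to the AUDIT_FILE_DEST parameter is not protected from unauthorized access.','2');
-- 10: the three dump-destination checks are recorded only when oraverno < 11
if oraverno < 11 then
    insert into dbsrrin values ('D','V0003851','DO0235','Oracle USER_DUMP_DEST parameter','The directory assigned to the USER_DUMP_DEST parameter is not protected from unauthorized access.','2');
    insert into dbsrrin values ('D','V0003852','DO0236','Oracle BACKGROUND_DUMP_DEST parameter','The directory assigned to the BACKGROUND_DUMP_DEST parameter is not protected from unauthorized access.','2');
    insert into dbsrrin values ('D','V0003853','DO0237','Oracle CORE_DUMP_DEST parameter','The directory assigned to the CORE_DUMP_DEST parameter is not protected from unauthorized access.','2');
end if;
insert into dbsrrin values ('D','V0003854','DO0238','Oracle LOG_ARCHIVE_DEST parameter','The directories assigned to the LOG_ARCHIVE_DEST* parameters are not protected from unauthorized access.','2');
insert into dbsrrin values ('D','V0002519','DO0240','Oracle OS_ROLES parameter','The Oracle OS_ROLES parameter is not set to FALSE.','3');
insert into dbsrrin values ('D','V0003857','DO0243','Oracle _TRACE_FILES_PUBLIC parameter','The Oracle _TRACE_FILES_PUBLIC parameter is present and not set to FALSE.','2');
insert into dbsrrin values ('D','V0002520','DO0250','Oracle database link usage','Fixed user and public database links are not authorized for use.','2');
insert into dbsrrin values ('D','V0002521','DO0260','Oracle control file availability','A minimum of two Oracle control files are not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.','2');
insert into dbsrrin values ('D','V0002522','DO0270','Oracle redo log file availability','A minimum of two Oracle redo log groups/files is not defined and configured to be stored on separate, archived physical disks or archived directories on a RAID device.','2');
insert into dbsrrin values ('D','V0003858','DO0275','Oracle critical file access','Oracle critical files should be protected from unauthorized access.','2');
insert into dbsrrin values ('D','V0003437','DO0320','Oracle PUBLIC role privileges','Application role permissions are assigned to the Oracle PUBLIC role.','2');
insert into dbsrrin values ('D','V0003438','DO0340','Oracle Application administration roles enablement','Oracle application administration roles are enabled and not required or authorized.','2');
insert into dbsrrin values ('D','V0003439','DO0350','Oracle system privilege assignment','Oracle system privileges are directly assigned to unauthorized accounts.','2');
insert into dbsrrin values ('D','V0003865','DO0420','Oracle XML DB','The XDB Protocol server is installed and not required and authorized for use.','3');
insert into dbsrrin values ('D','V0002527','DO3440','Oracle DBA role assignment','The DBA role has been granted to unauthorized user accounts.','2');
insert into dbsrrin values ('D','V0002531','DO3447','Oracle OS_AUTHENT_PREFIX parameter','The Oracle OS_AUTHENT_PREFIX parameter is set to the default value of OPS$.','3');
insert into dbsrrin values ('D','V0002533','DO3451','WITH GRANT OPTION privileges','The Oracle WITH GRANT OPTION privilege has been granted to non-DBA or non-Application administrator user accounts.','2');
insert into dbsrrin values ('D','V0002539','DO3475','Oracle PUBLIC access to restricted packages','Execute permission should be revoked from PUBLIC for restricted Oracle packages.','2');
insert into dbsrrin values ('D','V0002552','DO3536','Oracle IDLE_TIME profile parameter','The IDLE_TIME profile parameter is not set for Oracle profiles IAW DoD policy.','2');
insert into dbsrrin values ('D','V0002554','DO3538','Oracle REMOTE_OS_AUTHENT parameter','The Oracle REMOTE_OS_AUTHENT parameter is not set to FALSE.','1');
insert into dbsrrin values ('D','V0002555','DO3539','Oracle REMOTE_OS_ROLES parameter','The Oracle REMOTE_OS_ROLES parameter is not set to FALSE.','1');
insert into dbsrrin values ('D','V0002556','DO3540','Oracle SQL92_SECURITY parameter','The Oracle SQL92_SECURITY parameter is not set to TRUE.','2');
insert into dbsrrin values ('D','V0002558','DO3546','Oracle REMOTE_LOGIN_PASSWORDFILE parameter','The Oracle REMOTE_LOGIN_PASSWORDFILE parameter is not set to EXCLUSIVE or NONE.','2');
insert into dbsrrin values ('D','V0002559','DO3547','Oracle UTL_FILE_DIR parameter','The Oracle UTL_FILE_DIR parameter should be modified from the default value of *.','1');
insert into dbsrrin values ('D','V0002561','DO3609','System privileges granted WITH ADMIN OPTION','System privileges granted using the WITH ADMIN OPTION are granted to unauthorized user accounts.','2');
insert into dbsrrin values ('D','V0002562','DO3610','Oracle minimum object auditing','Required object auditing is not configured.','2');
insert into dbsrrin values ('D','V0002564','DO3612','Oracle system privilege assignment','System Privileges are granted to PUBLIC.','2');
insert into dbsrrin values ('D','V0002574','DO3622','Oracle roles granted WITH ADMIN OPTION','Oracle roles granted using the WITH ADMIN OPTION are granted to unauthorized accounts.','2');
insert into dbsrrin values ('D','V0002586','DO3685','Oracle O7_DICTIONARY_ACCESSIBILITY parameter','The Oracle O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE.','3');
-- 10.1: recorded only when oraverno < 10.2
if oraverno < 10.2 then
    insert into dbsrrin values ('D','V0002587','DO3686','Oracle SYS.LINK$ table access','Oracle accounts have permission to view the table SYS.LINK$ which contain unencrypted database link passwords.','1');
end if;
insert into dbsrrin values ('D','V0002589','DO3689','Oracle object permission assignment to PUBLIC','Object permissions granted to PUBLIC are not restricted.','2');
insert into dbsrrin values ('D','V0002593','DO3696','Oracle RESOURCE_LIMIT parameter','The Oracle RESOURCE_LIMIT parameter is not set to TRUE.','2');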